Bil Corry @bilcorry

CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

 Phoenix, AZ
linkedin.com/in/bilcorry/
Joined July 2009
  • Tweets 8,305
  • Following 139
  • Followers 776
Load newest
Murder hornets, cannibal rats, and now biowarfare monkeys. I’m done with 2020. newsweek.com/28-days-later-p…
1
Replying to @ustayready
The universal socket grip looks good too.
1
Air dropped medical supplies from drones to combat theft by the federal government. (I made up that last part, but NC has seen supplies seized by the feds) ktla.com/news/local-news/ami…
1
Replying to @RSnake @jeremiahg @ma
Research. “Rsnake short shorts” was to see if there was a very short documentary about you.
Replying to @RSnake @jeremiahg @ma
I have your camera there, but had to turn it off. Not my lane.
1
1
Replying to @RSnake @jeremiahg @ma
Not that snake, put it away.
1
1
Replying to @randomdross
The process or the feature?
Murder hornets and now cannibal rats. What a time to be alive. amp.theguardian.com/world/20…
1
1
Replying to @randomdross
Clip art and word art would have made making websites easier.
At the risk of expressing an unpopular opinion, phishing exercises will you you what you already know: some employees will fall for it. It's more useful to use these exercises to learn about new vectors (e.g. OAuth phishing) than shame employees. theregister.co.uk/2020/05/21…

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell...

Welp, at least that's better than industry averages, says code-hosting biz

theregister.com
12
45
4
197
Want to learn about "Software and Security Engineering"? Cambridge's @rossjanderson has his lectures online for free (no registration required). cl.cam.ac.uk/teaching/1920/S…
1
If you're thinking of going meatless, this may inspire you to do it. nytimes.com/2020/05/21/opini…
Decided to publish a simple little tool I wrote up - first post that is NOT about iOS! 🙂 allysonomalley.com/2020/05/2…

Discover Blind Vulnerabilities with DNSObserver: an Out-of-Band DNS Monitor

I’ve been working on a few small projects while learning Go, and this one turned out to be useful enough that I thought I’d go ahead and publish it. For the first time, this post is not…

allysonomalley.com
18
174
2
567
Replying to @realhamed @1Br0wn
“But where did Boris first start to cultivate this secret weapon? And how has he used it over the years to his political advantage? And what does it mean for the future of our country? And our national security as a whole? And how can we get the look?” marieclaire.co.uk/news/celeb…
2
Replying to @realhamed @1Br0wn
That P20 Pro in Shimmering Twilight is a sweet phone though! scmp.com/news/world/united-s…
2
Bil Corry retweeted
comex @comex
22 May 2020
lwn.net/Articles/820969/ Qmail vulnerability that was reported in 2005 and djb claimed to not be exploitable… turns out in 2020 to be exploitable. But djb refuses to admit it’s exploitable because he personally runs qmail-local under a memory limit too low for exploitability.

A remote code execution vulnerability in qmail

Just in case anybody out there is still using qmail: a remote code execution vulnerability has just been disclosed. Its CVE number is CVE-2005-1513 because, as it turns out, the problem was reported...

lwn.net
4
13
3
58
Bil Corry retweeted
owasp @owasp
22 May 2020
The #OWASP Foundation is hosting Virtual Trainings during our Summer of #Security Virtual AppSec Days events taking place June - August 2020. Call for trainers is closing TONIGHT. Visit our website to review submission guidelines. ow.ly/JVnO50zHwta
6
2
Replying to @EyeSophrona
Awesome, thanks!
Facebook is helping criminals steal FB credentials by showing these phishing posts and not having a way to flag them. 🙄
Load more